mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

busybox: backport patches to fix CVEs

Browse Source 
Backport patches to fix the following CVEs:
CVE-2021-42373
CVE-2021-42378
CVE-2021-42379
CVE-2021-42380
CVE-2021-42381
CVE-2021-42382
CVE-2021-42383
CVE-2021-42384
CVE-2021-42385
CVE-2021-42386

(From OE-Core rev: 33f6fb263edd7dd0f5f97f1cf02f63978dbfba09)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Chen Qi
2022-01-04 18:19:56 -08:00
committed by Richard Purdie
parent e31641c608
commit bde16e7473
3 changed files with 3298 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3266
meta/recipes-core/busybox/busybox/0001-awk-fix-CVEs.patch Normal file
View File

File diff suppressed because it is too large Load Diff

30
meta/recipes-core/busybox/busybox/0002-man-fix-segfault-in-man-1.patch Normal file
View File

@@ -0,0 +1,30 @@
From 4975cace9bf96bfde174f8bb5cc4068d2ea294d4 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Tue, 15 Jun 2021 14:47:46 +0200
Subject: [PATCH] man: fix segfault in "man 1"
function old new delta
man_main 942 954 +12
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream-Status: Backport [4d4fc5ca5ee4f]
CVE: CVE-2021-42373
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
miscutils/man.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/miscutils/man.c b/miscutils/man.c
index 722f6641e..d319e8bba 100644
--- a/miscutils/man.c
+++ b/miscutils/man.c
@@ -324,7 +324,7 @@ int man_main(int argc UNUSED_PARAM, char **argv)
/* is 1st ARG a SECTION? */
sec_list = conf_sec_list;
- if (is_section_name(conf_sec_list, *argv)) {
+ if (is_section_name(conf_sec_list, *argv) && argv[1]) {
/* yes */
sec_list = *argv++;
}

2
meta/recipes-core/busybox/busybox_1.33.2.bb
View File

@@ -48,6 +48,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
file://0001-gen_build_files-Use-C-locale-when-calling-sed-on-glo.patch \
file://0001-mktemp-add-tmpdir-option.patch \
file://0001-awk-fix-CVEs.patch \
file://0002-man-fix-segfault-in-man-1.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "